Submit Search
Upload
Risk based approach to managing privacy (EDPD 2015)
•
0 likes
•
221 views
Oskari Rovamo
Follow
Risk-based approach slides from European Data Protection Days 2015 in Berlin.
Read less
Read more
Law
Report
Share
Report
Share
1 of 9
Download now
Download to read offline
Recommended
Bill checkpoint
Bill checkpoint
Billy Cox
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
North Texas Chapter of the ISSA
Tufin SecureCloud
Tufin SecureCloud
Matt Kerr
External TGF brand presentation Final - no video
External TGF brand presentation Final - no video
Karis Higson BA (Hons), MSc
IoTC - The Future of IoT Privacy & Security Task Force
IoTC - The Future of IoT Privacy & Security Task Force
Christopher P. Williams
Cyber Tech Corporate
Cyber Tech Corporate
rolfpost
Cognizant EBA-ERSS
Cognizant EBA-ERSS
Nitin Sharma
Cyber Security Regional Forum: APNIC's cybersecurity work in the Pacific
Cyber Security Regional Forum: APNIC's cybersecurity work in the Pacific
APNIC
Recommended
Bill checkpoint
Bill checkpoint
Billy Cox
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
North Texas Chapter of the ISSA
Tufin SecureCloud
Tufin SecureCloud
Matt Kerr
External TGF brand presentation Final - no video
External TGF brand presentation Final - no video
Karis Higson BA (Hons), MSc
IoTC - The Future of IoT Privacy & Security Task Force
IoTC - The Future of IoT Privacy & Security Task Force
Christopher P. Williams
Cyber Tech Corporate
Cyber Tech Corporate
rolfpost
Cognizant EBA-ERSS
Cognizant EBA-ERSS
Nitin Sharma
Cyber Security Regional Forum: APNIC's cybersecurity work in the Pacific
Cyber Security Regional Forum: APNIC's cybersecurity work in the Pacific
APNIC
Nokia_Final (1)
Nokia_Final (1)
Samantha Kussmann
Nokia Corporate Strategy Critique
Nokia Corporate Strategy Critique
Motaz Agamawi
Business environment and analysis of nokia
Business environment and analysis of nokia
shaunakbajpai
Presentation on nokia overall started
Presentation on nokia overall started
ANSHU TIWARI
NOKIA PRESENTATION
NOKIA PRESENTATION
Surjeet Singh
Failure of nokia
Failure of nokia
Karan Chaudhary
PPT - Powerful Presentation Techniques
PPT - Powerful Presentation Techniques
University of Wisconsin Milwaukee
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
360 BSI
Iso 27001 2013
Iso 27001 2013
Magda CHELLY, Ph.D, S-CISO, CISSP®
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
Mart Rovers
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
360 BSI
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
360 BSI
12 Best Privacy Frameworks
12 Best Privacy Frameworks
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
360 BSI
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
PECB
Data Privacy Protection Competrency Guide by a Data Subject
Data Privacy Protection Competrency Guide by a Data Subject
John Macasio
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
360 BSI
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
360 BSI
CV 2.4 18/06/2016
CV 2.4 18/06/2016
Neil Barnacle FBCS CITP
New Branded CS.AkzoNobel.Montataire_15.7b_2016
New Branded CS.AkzoNobel.Montataire_15.7b_2016
Jean-Marc LEON
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
IT Governance Ltd
CIPM
CIPM
Mustafa Kuğu
More Related Content
Viewers also liked
Nokia_Final (1)
Nokia_Final (1)
Samantha Kussmann
Nokia Corporate Strategy Critique
Nokia Corporate Strategy Critique
Motaz Agamawi
Business environment and analysis of nokia
Business environment and analysis of nokia
shaunakbajpai
Presentation on nokia overall started
Presentation on nokia overall started
ANSHU TIWARI
NOKIA PRESENTATION
NOKIA PRESENTATION
Surjeet Singh
Failure of nokia
Failure of nokia
Karan Chaudhary
PPT - Powerful Presentation Techniques
PPT - Powerful Presentation Techniques
University of Wisconsin Milwaukee
Viewers also liked
(7)
Nokia_Final (1)
Nokia_Final (1)
Nokia Corporate Strategy Critique
Nokia Corporate Strategy Critique
Business environment and analysis of nokia
Business environment and analysis of nokia
Presentation on nokia overall started
Presentation on nokia overall started
NOKIA PRESENTATION
NOKIA PRESENTATION
Failure of nokia
Failure of nokia
PPT - Powerful Presentation Techniques
PPT - Powerful Presentation Techniques
Similar to Risk based approach to managing privacy (EDPD 2015)
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
360 BSI
Iso 27001 2013
Iso 27001 2013
Magda CHELLY, Ph.D, S-CISO, CISSP®
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
Mart Rovers
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
360 BSI
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
360 BSI
12 Best Privacy Frameworks
12 Best Privacy Frameworks
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
360 BSI
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
PECB
Data Privacy Protection Competrency Guide by a Data Subject
Data Privacy Protection Competrency Guide by a Data Subject
John Macasio
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
360 BSI
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
360 BSI
CV 2.4 18/06/2016
CV 2.4 18/06/2016
Neil Barnacle FBCS CITP
New Branded CS.AkzoNobel.Montataire_15.7b_2016
New Branded CS.AkzoNobel.Montataire_15.7b_2016
Jean-Marc LEON
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
IT Governance Ltd
CIPM
CIPM
Mustafa Kuğu
A case study on Protecting information in an online learning environment
A case study on Protecting information in an online learning environment
guest41dd05
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
Kinverg
Alpes strategie v5
Alpes strategie v5
Elysée (Elisha) Attia
PROFESSIONAL CERTIFICATE IN SECURITY MANAGEMENT - FOR TODAY'S LEADERS
PROFESSIONAL CERTIFICATE IN SECURITY MANAGEMENT - FOR TODAY'S LEADERS
Ruth Jones
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE
360 BSI
Similar to Risk based approach to managing privacy (EDPD 2015)
(20)
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
Iso 27001 2013
Iso 27001 2013
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
12 Best Privacy Frameworks
12 Best Privacy Frameworks
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
Data Privacy Protection Competrency Guide by a Data Subject
Data Privacy Protection Competrency Guide by a Data Subject
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
IT Information Security Management Principles, 28 February - 02 March 2016 Du...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
CV 2.4 18/06/2016
CV 2.4 18/06/2016
New Branded CS.AkzoNobel.Montataire_15.7b_2016
New Branded CS.AkzoNobel.Montataire_15.7b_2016
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
CIPM
CIPM
A case study on Protecting information in an online learning environment
A case study on Protecting information in an online learning environment
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
Alpes strategie v5
Alpes strategie v5
PROFESSIONAL CERTIFICATE IN SECURITY MANAGEMENT - FOR TODAY'S LEADERS
PROFESSIONAL CERTIFICATE IN SECURITY MANAGEMENT - FOR TODAY'S LEADERS
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE
Recently uploaded
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
srikarna235
如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书
Fir sss
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书
Fir L
Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 sedition
NilamPadekar1
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
ShubhiSharma858417
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
SD DS
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A History
John Hustaix
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
SD DS
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
Sir Lt
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书
Fir L
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
Fs Las
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
Fir sss
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
Fs Las
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
o8wvnojp
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Dr. Oliver Massmann
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
SD DS
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
KUHANARASARATNAM1
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
SD DS
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
ritwikv20
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
FS LS
Recently uploaded
(20)
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书
Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 sedition
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A History
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
An Introduction guidance of the European Union Law 2020_EU Seminar 4.pptx
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
如何办理伦敦南岸大学毕业证(本硕)LSBU学位证书
Risk based approach to managing privacy (EDPD 2015)
1.
1 © Nokia
2015 RISK-BASED APPROACH Managing privacy in a complex global technology business “European Data Protection Days” Conference, 4-5 May 2015 Oskari Rovamo, Global Privacy Counsel Nokia Corporation
2.
2 © Nokia
2015 HERE Nokia Technologies Nokia Networks NOKIA REINVENTED
3.
3 © Nokia
2015 GROUP-WIDE PRIVACY RISK CONTROL FRAMEWORK Responsible for Implementing the Policy and Program, SOP’s. Privacy Owners and Officer(s). Responsible for Policy, Program, Objectives, Group wide requirements and processes, Support Accountable for Nokia Privacy Policy and Program. Sufficiently independent. Nokia Privacy Owner Nokia Group Privacy Officer Networks HERE Technologies Corporate Functions Cross-teams: Security, Legal & Compliance, Enterprise Risk Management, Government Relations, Human Rights, Industry outreach, External Communications 1. Executive Accountability 2. Policies and processes 3. Staff, resources 4. Training and awareness 5. Risk assessment and mitigation 6. Issue response 7. Internal enforcement
4.
4 © Nokia
2015 NOKIA PRIVACY VISION AND PRINCIPLES Aligned with globally recognized privacy frameworks. Serves as the basis for more detailed standard operating procedures, requirements, guidelines and design patterns. We respect privacy Accountable, fair and lawful processing Privacy by Design Transparency, choice and individual participation Collection and purpose limitation Data management Limited and controlled disclosures Security safeguards
5.
5 © Nokia
2015 KNOW YOUR RISKS, THEN MITIGATE THEM Principles Threats, Harm Residual Risk Risk Different privacy analysis approaches: • Goal-oriented • Risk-based • Combination/hybrid Controls Requirements
6.
6 © Nokia
2015 WHAT PRIVACY ANALYSIS APPROACH DO YOU USE? a) Goal-oriented e.g. processes where defined, repeatable and easy- to-follow privacy requirements are turned into privacy controls. b) Risk-based e.g. privacy impact assessment is used to identify treats and harm as well as to determine the risk; privacy controls proposed to treat the risk. c) Combination/hybrid e.g. processes combine both goal-oriented and risk-based approaches. d) Other/none e.g. no privacy analysis is done.
7.
7 © Nokia
2015 PRIVACY ENGINEERING & ASSURANCE COMPONETS Principles, Statements, Requirements, Procedures, Guidelines, Patterns Planning & Concepting Threat Assessment and Mitigation Privacy requirements identification Design, Implement, Test Map privacy requirements into product features Select guidelines, patterns Review Against requirements Can be standalone Release Assessment Sign-off Evidence Evidence Privacy Engineering Privacy Assurance Privacy Knowledge Base Evidence
8.
8 © Nokia
2015 THANK YOU!
Download now